Cyber Posture

CVE-2025-9142

High

Published: 14 January 2026

Published
14 January 2026
Modified
15 April 2026
KEV Added
Patch
CVSS Score 7.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
EPSS Score 0.0001 1.2th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-9142 is a high-severity Path Traversal (CWE-22) vulnerability in Checkpoint (inferred from references). Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 1.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068) and 2 other techniques.
Threat & Defense Details

Likely Mitigating ControlsAI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

SI-10 Information Input Validation
addresses: CWE-22

Validates pathnames and filenames to prevent traversal outside intended directories.

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
attack.mitre.org →
T1070.004 File Deletion Stealth
Adversaries may delete files left behind by the actions of their intrusion activity.
attack.mitre.org →
T1565.001 Stored Data Manipulation Impact
Adversaries may insert, delete, or manipulate data at rest in order to influence external outcomes or hide activity, thus threatening the integrity of the data.
attack.mitre.org →
Why these techniques?

Path traversal enables arbitrary local file writes/deletes, directly facilitating privilege escalation (T1068), file deletion for indicator removal (T1070.004), and stored data manipulation (T1565.001).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

A local user can trigger Harmony SASE Windows client to write or delete files outside the intended certificate working directory.

Deeper analysisAI

CVE-2025-9142 is a path traversal vulnerability (CWE-22) affecting the Harmony SASE Windows client from Check Point. Published on 2026-01-14, it enables a local user to trigger the client to write or delete files outside the intended certificate working directory. The vulnerability has a CVSS v3.1 base score of 7.5 (AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H), indicating high severity with local attack vector, high attack complexity, low privileges required, and user interaction needed, along with changed scope and high impacts to confidentiality, integrity, and availability.

A local attacker with low privileges can exploit this vulnerability by inducing user interaction to manipulate certificate handling, causing the Harmony SASE Windows client to perform unauthorized file writes or deletions beyond its designated working directory. Successful exploitation could allow arbitrary file modification or removal, potentially leading to privilege escalation, data corruption, or denial of service, given the high impact ratings across confidentiality, integrity, and availability with scope change.

Check Point has published advisory SK184557 at https://support.checkpoint.com/results/sk/sk184557, which provides details on the issue and recommended mitigations for the Harmony SASE Windows client.

Details

CWE(s)
CWE-22

Affected Products

Checkpoint
inferred from references and description; NVD did not file a CPE for this CVE

CVEs Like This One

CVE-2026-6855Shared CWE-22
CVE-2026-3243Shared CWE-22
CVE-2025-2193Shared CWE-22
CVE-2026-35214Shared CWE-22
CVE-2026-25059Shared CWE-22
CVE-2026-25161Shared CWE-22
CVE-2026-24741Shared CWE-22
CVE-2024-48885Shared CWE-22
CVE-2025-55282Shared CWE-22
CVE-2025-25371Shared CWE-22

References